Around 1.4 million customers of a number of UK clothing and accessories websites have had their personal information exposed following a security breach at an IT services provider that the websites shared. Brands such as Jaded London, AX Paris, Elle Belle Attire, Perfect Handbags, DLSB (Dirty Little Style Bitch), and Traffic People were affected.
Lee Munson, Security Researcher at Comparitech.com:
“Data breaches of differing magnitudes are almost a daily occurrence and I’m sure many people have sympathy for the affected companies to some degree, more so if their response is quick and transparent in nature.
So, the fact that a number of UK clothing companies have opted to stay mum about the possibility of sensitive customer data entering the public realm is especially disconcerting.
While payment card data appears to be safe, names, email addresses and telephone numbers can all be leveraged for phishing and vishing attacks and those potentially affected really ought to know about the risks they may now be facing.
Given the lack of communication with customers at this point, it will be interesting to see if the affected parties now do what is required to remain compliant with the ICO and the General Data Protection Regulation.”
Ryan Wilk, Vice President at NuData Security:
“Although payment data was not exposed, the personally identifiable information accessed can easily fuel synthetic identity fraud and identity theft.
With these types of fraud, personally identifiable information such as name, address, or date of birth is traded on the dark web to steal a real identity or construct an entirely new fraudulent one for theft. NuData has seen a 100% increase in purchase attempts with flagged – suspicious – credit cards, which are often used under a fake account that has been created with stolen information.
This is why retailers, e-Commerce organisations, banks, and financial institutions are layering in multi-layered security strategies using passive biometrics and behavioural analytics. These technologies can identify and protect companies against fake accounts created with stolen information using automation.”